diff --git a/CHANGELOG.md b/CHANGELOG.md index c231d5e..da517bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +# 3.0.1 + +- [#28](https://github.com/okta/okta-jwt-verifier-js/pull/25) - Fix for deprecated option `requestAgentOptions` in favor of `requestAgent` (via jwks-rsa) + - More info: https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options + # 3.0.0 ### Breaking Changes diff --git a/lib.d.ts b/lib.d.ts index 19e44f6..f317c03 100644 --- a/lib.d.ts +++ b/lib.d.ts @@ -11,8 +11,8 @@ */ /* eslint-disable node/no-missing-import */ -import { AgentOptions as HttpAgentOptions } from "node:http"; -import { AgentOptions as HttpsAgentOptions } from "node:https"; +import { Agent as HttpAgent } from "node:http"; +import { Agent as HttpsAgent } from "node:https"; /* eslint-enable node/no-missing-import */ export = OktaJwtVerifier; @@ -113,13 +113,14 @@ declare namespace OktaJwtVerifier { jwksUri?: string; /** - * Additional options to pass to the jwks-rsa constructor - * - * Can be used to configure the underlying axios agent within the jwks-rsa library, - * for example to add additional certificate authorities without having to set the - * NODE_EXTRA_CA_CERTS environment variable. + * HttpAgent or HttpsAgent to use for requests to the JWKS endpoint. It should + * conform to the `HttpAgent` interface from node's `http` module or + * the `HttpsAgent` interface from node's `https` module. + * + * Read more: https://nodejs.org/api/http.html#class-httpagent + * Agent example: https://github.com/TooTallNate/node-https-proxy-agent */ - requestAgentOptions?: HttpAgentOptions | HttpsAgentOptions; + requestAgent?: HttpAgent | HttpsAgent; } type Algorithm = diff --git a/lib.js b/lib.js index 2428447..f7b0b75 100644 --- a/lib.js +++ b/lib.js 
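Review bot: The rewritten doc comment on `requestAgent` in the second lib.d.ts hunk drops the guidance the removed text gave (adding certificate authorities without setting `NODE_EXTRA_CA_CERTS`). It also does not say that the agent's TLS settings now decide how the signing keys are fetched. I would add two sentences to the comment: `To trust an additional CA, pass new https.Agent({ ca }).` and `The agent controls certificate verification for the JWKS request; an agent created with rejectUnauthorized: false means the keys used to verify tokens are fetched over an unauthenticated connection.` The interface holding this member starts above the hunk, so only this property's comment is in view.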
@@ -177,6 +177,14 @@ class OktaJwtVerifier { assertClientId(options.clientId); } + // https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options + if (options.requestAgentOptions) { + // jwks-rsa no longer accepts 'requestAgentOptions' and instead requires a http(s).Agent be passed directly + const msg = `\`requestAgentOptions\` has been deprecated, use \`requestAgent\` instead. + For more info see https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options`; + throw new ConfigurationValidationError(msg); + } + this.claimsToAssert = options.assertClaims || {}; this.issuer = options.issuer; this.jwksUri = getJwksUri(options); @@ -187,7 +195,9 @@ class OktaJwtVerifier { cacheMaxEntries: 3, jwksRequestsPerMinute: options.jwksRequestsPerMinute || 10, rateLimit: true, - requestAgentOptions: options.requestAgentOptions, + // https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options + // requestAgentOptions: options.requestAgentOptions, !! DEPRECATED !! + requestAgent: options.requestAgent, }); this.verifier = nJwt.createVerifier().setSigningAlgorithm('RS256').withKeyResolver((kid, cb) => { if (kid) { diff --git a/package.json b/package.json index a447c67..308a663 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@okta/jwt-verifier", "private": true, - "version": "3.0.0", + "version": "3.0.1", "description": "Easily validate Okta access tokens", "repository": "https://github.com/okta/okta-jwt-verifier-js", "homepage": "https://github.com/okta/okta-jwt-verifier-js", diff --git a/test/spec/configuration.spec.js b/test/spec/configuration.spec.js index 5c3f617..ba3ec21 100644 --- a/test/spec/configuration.spec.js +++ b/test/spec/configuration.spec.js 
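Review bot: The message built in the new `requestAgentOptions` guard is a template literal spanning two source lines, so the thrown text carries a line break plus whatever indentation precedes `For more info`. It also calls the option deprecated although the constructor now rejects it outright. Two concatenated single-quoted strings would read better in logs, for example `'requestAgentOptions is no longer supported; pass an http(s).Agent as requestAgent instead. ' +` followed by `'See https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options'`. Because a previously accepted option now throws at construction, callers moving from 3.0.0 to this patch release will fail at startup. That fails closed, which is the safer direction for anyone who relied on the option for CA settings, but it reads as a breaking change and the changelog entry should say so. The constructor begins and ends outside this hunk.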
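Review bot: `options.requestAgent` is forwarded to the jwks-rsa client unchecked, so a caller who migrates by renaming the key and still passes a plain options object (the `{ timeout: 10000 }` shape used in the new spec) gets past the guard added in the previous hunk. How jwks-rsa treats a non-Agent value is not visible here; if it ignores or mishandles it, custom CA settings could be dropped without an error. A constructor check would catch this: `if (options.requestAgent && !(options.requestAgent instanceof http.Agent)) throw new ConfigurationValidationError('requestAgent must be an http(s).Agent instance');`. This needs `http` in scope in lib.js (its imports are outside the hunk), and third-party agents that do not derive from `http.Agent` would need a duck-typed test instead. Separately, the commented-out `requestAgentOptions` line is dead code; the changelog link above it is enough.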
@@ -89,6 +89,20 @@ describe('jwt-verifier configuration validation', () => { expect(createInstance).toThrow(); }); + it('should throw if `requestAgentOptions` is passed', () => { + function createInstance() { + new OktaJwtVerifier({ + issuer: 'https://foo', + clientId: '123456', + requestAgentOptions: { + timeout: 10000 + } + }); + } + + expect(createInstance).toThrow(); + }); + it('should NOT throw if clientId not matching {clientId} is provided', () => { function createInstance() { new OktaJwtVerifier({
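Review bot: The new spec asserts only `expect(createInstance).toThrow()`, which passes for any exception, including one from issuer or clientId validation. It therefore does not prove that the `requestAgentOptions` guard is what fired. Matching on the error pins it down, for example `expect(createInstance).toThrow(/requestAgentOptions/);` if the runner is Jest (the framework is not visible in the hunk). There is also no spec showing that a `requestAgent` instance is accepted and reaches the jwks-rsa client, which is the path users are told to migrate to. The surrounding `describe` opens above the hunk and the following `it` continues past it.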